Russian Hackers Exploited Kaspersky Antivirus To Steal NSA Data on US Cyber Defense: WSJ (wsj.com)
An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks. The contractor used Kaspersky antivirus on his home computer, which hackers working for the Russian government exploited to steal the documents, the WSJ reported on Thursday (the link could be paywalled; alternative source), citing multiple people with knowledge of the matter.
From the report: The hackers appear to have targeted the contractor after identifying the files through the contractor's use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said. The theft, which hasn't been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S. The incident occurred in 2015 but wasn't discovered until spring of last year, said the people familiar with the matter. Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.
Ahead of the publication of the WSJ report, Kaspersky founder Eugene Kaspersky tweeted, "New conspiracy theory, anon sources media story coming. Note we make no apologies for being aggressive in the battle against cyberthreats."
OK fanboys, I've got the popcorn out, what is your new excuse why they should still be trusted? The nonsense people said last week was so rich, I'm waiting for it to grow even more absurd today as the cognitive dissonance builds and blinds them to the quality of their arguments.
The problem here isn't Kaspersky and Russian hackers, they're just being opportunistic.
The REAL problem here is a dumb @$$ contractor who stole classified information and brought it home.
Why isn't the contractor, both company and employee, being punished for breach of secure information? Any other countries' spooks would want this info, including our allies.
Ahh that's right, let's just take this as an opportunity to bash Russia some more while our real enemy China is cleaning out both our industrial trade and military secrets! /sarcasm
Really, who is surprised here that an "independent" Russian software company is a front for KGB cyber warfare division (or that CISCO is in bed with NSA)?
All the time in order to control the populace of the planet.
The backdoors are created by engineers who are covertly working for NSA/JCS and officially for msft, aapl, gogl etc.
If American software were not as crappy as it is, virus scanners would be unheard of.
Although doesn't this:
Note we make no apologies for being aggressive in the battle against cyberthreats.
Sound like a tacit admission?
Like msft and Google are NSA/JCS fronts.
The idiot Hal Smith, former NSA employee, apparently put stuff that shouldn't have been seen outside a SCIF on his home system. His content was exfiltrated, presumably by Russians. But now it's the vector of the exfiltration's fault that classified material was stolen.
News flash: the system was broken the moment the stuff saw a computer outside of an airgapped network. For that matter, Mr. Smith put himself in criminal jeopardy at that moment.
If the guy had been using Avast or Bitdefender, would that have made you feel better? Do you really think the Russians couldn't penetrate the firms providing those products? Think again.
While we're at it, do you really think that the Russians are the only people soaking up data from the US like a sponge? Why so much focus on their activities? You'd think people had a political axe to grind, almost...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Because. We say. So.
It's a great story. It never gets old.
"targeted the contractor after identifying the files through the contractor's"... duh? Wait! What the hell is a contractor doing with classified files on his home computer? Sounds so dumb, it looks like someone wants to have Kaspersky AV software blamed.
And very likely with pretty much the methods described, I think this cannot get much more hypocritical. And while we _know_ the NSA does this, we only have a scare-story that may turn out to be a complete fantasy on the Russians and Kaspersky.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I’m a bit puzzled: aren’t highly confidential documents stored, viewed and edited only on secured computers? Is it really that easy for a contractor (or even an employee) to grab a copy and leave with it, entirely unnoticed?
So he will probably be charged and convicted. Had he been a government bureaucrat or let's say Sec of State, the individual would have just retired early with their full pension ;) or like a few I can recall just pretend they did nothing wrong ;) lol
"If you want something made public just provide the information to the government to keep it safe and secure."
1) Any intelligence agency that doesn't look for exploits in commonly used tools isn't doing their job.
2) Kaspersky is a great target for exploit research no matter who you are.
3) It's common practice to keep identified exploits secret for high value zero day attacks JUST like this.
4) Also standard practice to request (or steal) source from domestic (or vulnerable) corps to make exploit location easier.
Not to defend Kaspersky (cause who knows?) but this just sounds like a normal day at the office for this problem space...
is the fact the employee brought home classified documents which somehow found their way onto their home (read that: unlikely certified to handle classified information) computer.
Normally, I would consider this unlikely, but apparently keeping classified info on private systems / servers is all the rage these days :|
"Cyber Czar bans Russian products"
Did anyone ever figure out why we call these guys 'Czars' anyway?
"An NSA contractor brought home highly classified documents"
^^^ THIS
"An NSA contractor brought home highly classified documents" Anything after this point is just blah, blah, blah. It is illegal for this to happen, unless the contractor's home is designated at the correct classified level. Which is highly unlikely. Good cybersecurity is impossible if people don't follow policy and procedure upon which much cybersecurity depends.
I have been using PC since 1986 (changed my primary machine to Mac in 2014, but still use PC here and there) and have never "really" used anti-virus software. My company requires mandatory anti-virus and I hack the machine to disable it. Once in a while (about once a year), I run just to convince myself. It has never ever found any virus so far. If you use certain precautions, you should not need anti-virus.
In 2003, I bought a new Dell machine. When I downloaded jdk, it took 30 min to unzip it. After analyzing, I realized it was related to anti-virus software. Disabled it and it took only seconds. I would never ever install anti-virus software on my machine on a real time scan basis.
So many fucking Russians, holy shit.
So any idea of the company he worked for?
Booz Allen had been running up a nice streak but lost that with Reality Winner, so have that pushed forward and tried to start streak two?
Russians drank all my beer! Just the other day I bought a six-pack, and now it's gone. Goddammit I blame the Russians!
Am I understanding correctly? Of course I didn't read TFA, but from the summary I'm guessing that dude had Kaspersky antivirus, and when he loaded the files it sent them home for scanning, and since they're a Russian company the Russian government has access to the files. This doesn't really make sense to me. It would make sense that it could send the checksums back home to compare, except even that doesn't make a lot of sense, since the "virus database" (aka a list of checksums of flagged blocks) should be local. Maybe he was using some sort of browser plugin version?
The only other way this could make sense is if the Russian government forced K to insert a backdoor into its software, which they used to gain access. So far I've only heard of the USA doing this, so it would be a big deal if this were the case, but since the summary doesn't have some clickbait about massive hole in K products discovered, I also don't think this is the case.
Most likely this is just more stupid "Russia bad, because... Russia!" garbage being spewed by folks who really don't understand or want to understand how things work. Can someone clarify if this isn't the case and I missed something?
In Vladimir Putin's Russia, antivirus infects YOU!
So why are people rushing to defend this attack on our country?
I'd guess 30% of the comments are from Russian trolls, but that still leaves a lot of American patsies.
Question - are you really so fucking stupid that you rush to defend a Russian antivirus which has been shown to send your data to the KGB?
I mean - really? You are all really that fucking stupid?
Hmm, so it's OK for a "contractor" to keep top secret info on his HOME computer!? All of these antivirus companies were vulnerable until recently - they trusted DNS results to provide IP of where to get latest virus updates.
In my years working on "highly classified" things, we NEVER, EVER brought that stuff home, because we couldn't without breaking all kinds of rules and safeguards. It was a major operation just to get it transferred to another secure facility to work on it. But time after time now we get the story that this or that person had a laptop full of stuff in their car, their house, on the bus, etc. When did the rules change that you can just walk out with extremely sensitive data, or are these lunkheads simply violating all the rules?
This is what happens when you outsource or hire visa workers to do your IT.
It would not surprise that the outsource/visa workers absconded with data themselves.
That being said, did anyone actually ever think Kaspersky wasn't working with KGB? I mean if Microsoft, AT&T, Cisco, etc. work so closely with NSA, do you think Russia is going to take the high ground?
An NSA contractor stole highly classified documents, but before he could sell them, they got stolen.
Because he had no other reason to take home classified documents.
"... making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations ..."
This is actually hilarious and so one-sided. How about this: "... making it more difficult for the NSA to infiltrate the networks of Russia and other nations. It also could make it easier for the Russian agencies to conduct their work ..."
Why is "our real enemy China"?
Why is talking about actual Russian behavior "bashing"?
Are we only allowed to have one "real enemy"?
Your motives are clear. Russian hacking is "just opportunistic", while Chinese hacking is a "real" threat. Your blindspots are so big you should neither drive, walk, nor use the internet.
30% is too low, try 75-85%. Most of the alt-right support online comes from Russia - the huge difference between that and their physical rallies can't all be accounted for by their inability to climb the basement stairs.
If the feds do their job right, they'll find evidence that Steven Bannon is a traitor who made a deal with Mercer, Putin etc to betray his country.
Ah, so you are wise. So wise that you'll ignore Russia and focus on North Korea, Syria, and Afghanistan.
How is that wise, exactly?
I'm not sure what your cause is. Russian apologist, anti-Assad, Afghani cynic, NK ranter, anti-war, anti-foreign intervention, isolationist, Trump supporter til Death Do You Part...?
But wise, yes, absolutely! In fact the White House should employ you as a strategist because you've got it all figured out.
I'm not sure how we can form a strong opinion on this without better data. Maybe beyond the paywall was some important reveal unknown to me.
If the Russian government was using Kaspersky software installed on computers all over the world to look for files of interest wouldn't some Kaspersky user amongst their sizable user base who has half a clue have noticed the large and unexpected exfiltration of data from their computer? Does this software scan in the cloud? That would seem incredibly slow.
A possibility exists that the U.S. government does not want this software used because it exposes its own clandestine malware.
Both arguments seem absurd to me, so I'm refraining from drawing a conclusion.
Honest question for someone who dropped Windows decades ago. How do admins even take their security seriously when their tools have these issues? Something similar happened with, I believe it was, CCleaner a couple months ago. I mean what is the rationale behind infosec in Windows shops?
The contractor used a cracked Kaspersky antivirus. And the cracker was a spyware.
LOL,
Read the headline, it's all there, they already know how to hack into your little trash box.
Getting lost in all the security hype is the obvious:
"An NSA contractor brought home highly classified documents that detailed how the U.S. penetrates foreign computer networks and defends against cyberattacks."
For all the bitching and moaning going on when other countries hack our systems, it's not like we can take the high ground. If you believe that cyberattacks on our nation's networking infrastructure are an act of war, what does this say about us?
Kaspersky's proprietary anti-malware software was never trustworthy. Kaspersky's anti-malware didn't recently become untrustworthy, and the year-plus long Russophobia didn't change anything nor does that craze amongst the war profiteers inform the current situation.
We judge software's trustworthiness by software freedom—the freedom to run, inspect, share, and modify published computer software. If a program is non-free (proprietary, user-subjugating) that program is untrustworthy regardless of what it purports to do, who wrote it, or who distributes it. No review program can ever truly evaluate the trustworthiness of non-free software because either they don't review the program's source code (thus the reviewers don't really know what the program can or will do), or they are under some non-disclosure agreement (in which case the reviewers can't be trusted). You need software freedom even if you don't program (as most computer users don't) so you can give a copy of the free software to someone you trust and ask them for a proper review. This can also be a commercial opportunity (jobs!).
Digital Citizen
I'm still amazed at how "Ivan" has turned into a racist epithet, especially insofar as liberals are now proud of modding up posts that contain nothing more substantial.
Then again, they pretty much invented the N-word, too, along with seceding from the Union over slavery and filibustering the Civil Rights Act, so maybe I shouldn't be too surprised.
That's your answer to everything. There's no cognitive dissonance, son.
You would appear to have cognitive dissonance. You simply can't accept that Trump won fair and square so there must be some fabricated reason. The Wall St. Journal is a joke rag tabloid that has entertained everything from peepee gate to now this nonsense. You simply can't accept reality.
Trump 2020
90% of your statistics pulled out of your nose, eh?
Or did you get them from a Horrorwood movie?
So why are people rushing to defend this attack on our country?
I'm not sure people are, as much as they're not impressed with our country's attack on We The People, even by foreign nationals in CIAs hire.
Plus, is it proven beyond doubt and Hanlon's razor that there was an attack on the attackers?
How is it this can suddenly be discovered 2 years after it allegedly occurred?
Is it not just as likely that these wholly incompetent agencies need to point a finger elsewhere?
Show me the proof! And any excuse about revealing secrets if proof is revealed is, obviously, bullshit!
Dear fellow citizen of the USA: While it is expected of nation states to seek as much intelligence as possible, including the USA,
current finger-pointing, which is likely unfounded, has got to be nothing short of redirecting attention away from internal incompetence!
Our society is now fraught with BS - consider that NBC claims Tillerson called Trump a moron. Yet, I have yet to see that proof as well.
Self-importance and self-indulgence is the root of ALL evil.